Implement _getdns_tls_context_set_min_proto_1_2().

Add a flag to the context (so, it's actually got something useful there!) and check the connection version on a successful handshake.
This means we need to access the context from a connection, so add a pointer to the context to the connection.
This commit is contained in:
Jim Hague 2018-12-07 11:11:33 +00:00
parent 64f0d6aaa8
commit 511dfc75ef
2 changed files with 14 additions and 3 deletions


@ -34,6 +34,8 @@
#ifndef _GETDNS_TLS_INTERNAL_H #ifndef _GETDNS_TLS_INTERNAL_H
#define _GETDNS_TLS_INTERNAL_H #define _GETDNS_TLS_INTERNAL_H
#include <stdbool.h>
#include <gnutls/gnutls.h> #include <gnutls/gnutls.h>
#include <gnutls/crypto.h> #include <gnutls/crypto.h>
@ -52,13 +54,14 @@
typedef struct _getdns_tls_context { typedef struct _getdns_tls_context {
int unused; bool min_proto_1_2;
} _getdns_tls_context; } _getdns_tls_context;
typedef struct _getdns_tls_connection { typedef struct _getdns_tls_connection {
gnutls_session_t tls; gnutls_session_t tls;
gnutls_certificate_credentials_t cred; gnutls_certificate_credentials_t cred;
int shutdown; int shutdown;
_getdns_tls_context* ctx;
} _getdns_tls_connection; } _getdns_tls_connection;
typedef struct _getdns_tls_session { typedef struct _getdns_tls_session {
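Review bot: The new `ctx` member of `_getdns_tls_connection` is a raw back-pointer with no ownership note, and nothing in this commit shows the connection keeping the context alive, so a reader cannot tell whether freeing a context while one of its connections still exists is allowed. Since the handshake path now reads `conn->ctx->min_proto_1_2`, state the expectation next to the field: `_getdns_tls_context* ctx; /* Not owned; the context must outlive the connection. */`. The flag itself would also benefit from a one-line comment, e.g. `bool min_proto_1_2; /* Fail the handshake if a version below TLS 1.2 is negotiated. */`. Both struct definitions are shown in full here, but the rest of the header is outside the hunk.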


@ -95,6 +95,7 @@ _getdns_tls_context* _getdns_tls_context_new(struct mem_funcs* mfs)
if (!(res = GETDNS_MALLOC(*mfs, struct _getdns_tls_context))) if (!(res = GETDNS_MALLOC(*mfs, struct _getdns_tls_context)))
return NULL; return NULL;
res->min_proto_1_2 = false;
return res; return res;
} }
@ -113,7 +114,9 @@ void _getdns_tls_context_dane_init(_getdns_tls_context* ctx)
getdns_return_t _getdns_tls_context_set_min_proto_1_2(_getdns_tls_context* ctx) getdns_return_t _getdns_tls_context_set_min_proto_1_2(_getdns_tls_context* ctx)
{ {
(void) ctx; if (!ctx)
return GETDNS_RETURN_INVALID_PARAMETER;
ctx->min_proto_1_2 = true;
return GETDNS_RETURN_NOT_IMPLEMENTED; return GETDNS_RETURN_NOT_IMPLEMENTED;
} }
@ -157,6 +160,7 @@ _getdns_tls_connection* _getdns_tls_connection_new(struct mem_funcs* mfs, _getdn
return NULL; return NULL;
res->shutdown = 0; res->shutdown = 0;
res->ctx = ctx;
r = gnutls_certificate_allocate_credentials(&res->cred); r = gnutls_certificate_allocate_credentials(&res->cred);
if (r == GNUTLS_E_SUCCESS) if (r == GNUTLS_E_SUCCESS)
@ -270,8 +274,12 @@ getdns_return_t _getdns_tls_connection_do_handshake(_getdns_tls_connection* conn
return GETDNS_RETURN_INVALID_PARAMETER; return GETDNS_RETURN_INVALID_PARAMETER;
r = gnutls_handshake(conn->tls); r = gnutls_handshake(conn->tls);
if (r == GNUTLS_E_SUCCESS) if (r == GNUTLS_E_SUCCESS) {
if (conn->ctx->min_proto_1_2 &&
gnutls_protocol_get_version(conn->tls) < GNUTLS_TLS1_2)
return GETDNS_RETURN_GENERIC_ERROR;
return GETDNS_RETURN_GOOD; return GETDNS_RETURN_GOOD;
}
else else
return error_may_want_read_write(conn, r); return error_may_want_read_write(conn, r);
} }
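Review bot: `_getdns_tls_context_set_min_proto_1_2` now records the setting, but the unchanged last line of that hunk still reports `GETDNS_RETURN_NOT_IMPLEMENTED`, so a caller that checks the result will conclude the minimum-version requirement is unsupported even though the flag is set and enforced in `_getdns_tls_connection_do_handshake`; it should be `return GETDNS_RETURN_GOOD;`. In the handshake hunk the version is only examined after `gnutls_handshake` succeeds, so a TLS 1.0/1.1 session is fully negotiated before being rejected and the caller is handed an error with a live session to tear down; if the GnuTLS priority string is configured elsewhere in this file (not visible here), excluding `VERS-TLS1.0` and `VERS-TLS1.1` there when the flag is set would stop the negotiation up front, with this check kept as a backstop. `conn->ctx` is also dereferenced without a NULL check, which matters if `_getdns_tls_connection_new` accepts a NULL `ctx` (its start is outside the hunk). The bodies of `_getdns_tls_connection_new` and `_getdns_tls_connection_do_handshake` begin outside their hunks.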